Breach, Data Security, Incident Response, TDR

Laptop containing patient data stolen from Philadelphia hospital

A laptop containing the personal information of patients was stolen from an office at Thomas Jefferson University Hospital in Philadelphia.

How many victims? 21,000.

What type of personal information? Names, birth dates, insurance information and Social Security numbers.

What happened? The laptop was stolen from an office in the hospital on June 14.

A hospital employee violated policy by copying data from the hospital's computer system to a laptop. The employee will be subject to unspecified disciplinary action.

Details: The laptop was password-protected, but the data was not encrypted.

Quote: “As upsetting as it is for me, I know it is even more upsetting for the people who have gone through it and I am really sorry that they have to deal with this,” said Thomas Lewis, Jefferson's president and chief executive.

What was the response? Jefferson has notified affected individuals and offered to provide them with identity theft protection services. Risk consultancy firm Kroll was brought in to conduct an investigation into the incident. Also, an internal review of hospital policies and procedures was carried out to ensure a similar incident does not occur in the future.

Source:, “Huge loss of patient data at Jefferson,” July 29, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.